Posted
by
timothy
on Tuesday November 08, 2011 @11:44AM
from the oh-you-mean-legal-things-right? dept.

courteaudotbiz writes "For years, a business named Compu-Finder has been sending spam all around the province of Quebec, Canada. In their emails, there is a phone number where we can reach them, and an unsubscribe link that you can click and seems to work, but even after asking them on the phone, by email or with their unsubscribe link, to unsubscribe me, I still receive 10 — 15 spams a week coming from this company. Many bloggers, journalists and radio chroniclers talked about them, but they seem to be untouchable. Still, it is easy to find the names, addresses and phone numbers of the shareholders and administrators of the company. How can we, collectively, take action to make them understand that we do not like their mass mailing practice?"

Doesn't Canada have something like CAN-SPAM? It doesn't work in the US for most unsolicited email, but I haven't had any problems with a US company in years. Our authorities do act against domestic spammers, and when they do it isn't pretty.

How can we, collectively, take action to make them understand that we do not like their mass mailing practice?

Are you under the impression that spam continues because people think we like it? That if they only understood how much we don't like it, they would stop?

I just hope that doesn't mean you are one of the mindless masses who believes that spam is sent out purely to make people angry or waste their time. People of even moderate intellect realize that spam is all about money, and the only way to stop the spam is to stop the flow of money to the spammers - or at least make it more difficult for them to get so much money so easily.

I always wondered who would even read a spam message, let alone respond to it. Has anyone here ever met someone who bought something off a spam email? Someone must be doing it, I just can't imagine who.

The issue with spam is that it is so cheap that even incredibly low rates of return can still be profitable. Like one in a million rates of return, or even the prospect of one day getting a single hit.

People fall for those Nigerian prince scams a few times per year.. reasonable to expect if someone can fall for that, someone can fall for anything. More importantly, the cost per spam is so cheap that even if you only get a few people per million emails, you probably make money.

Alternatively, make their expenses exceed the income or make the degradation to their quality of life exceed the value they derive (tell their kids "your daddy is a dirty spammer and the whole world hates him").

One must be careful not to cross any legal boundaries, but that leaves plenty of room for a bit of personal feedback when you know their physical location.

It continues because they think it is effective. I'm sure they can see if it's making them money and therefore effective. Until something happens that causes them to lose money it is effective for them.

Thus the issue is being handled at the wrong end. Create a spam system yourself, and spam Quebec. Some small number of people will respond positively to your campaign. Use the profits from the campaign to hire assassins and have those people killed.

When you can no longer afford to hire killers to eliminate people that respond positively to spam, the problem will have been defacto resolved.

In order to eliminate ethical concerns, this process should probably be automated - otherwise the profits might actually

True. The thing with spam, like much advertising, is that it's based on wishful thinking and something almost like superstition. They spend money on advertising, and unless they're a huge megacorporation doing serious market research, they just sort of hope that it pays off. Unless there is a big dive in profits that correlates with a marketing campaign, ideally with many angry letters to give the marketroids a hint at what's going on, they'll assume it's all hunky-dory.

Maybe it's the latter. I know that computer-illiterate grannies and total morons buy stuff from spam ads (basically the 419 victim crowd), but I can't imagine the number of them is great enough to make any significant profit for the businesses that advertise through spamming. The act of spamming itself I know is profitable, no question about that...

Usually having a phone number is great!... for the spammers. It now gives them another reference for you and more info to sell and abuse.
as for unsubscribing, well, that just shows them that a live human actually is at that address and reading email from spammers.. Goldstrike if you called and unsubscribed.

as for unsubscribing, well, that just shows them that a live human actually is at that address and reading email from spammers.. Goldstrike if you called and unsubscribed.

If they use the unsubscribe link in order to actively maintain you on their list, that smells like fraud to me.

Remember that something doesn't have to be in direct contravention of your country's Data Protection Act (or equivalent) to be spam -- contract law still holds, and if they offer a way to unsubscribe, you take it and they don't unsubscribe you, that's a breach of agreed terms.

Unfortunately I don't think there is any sort of contract created by clicking/following an unsubscribe link. No exchange of goods or services or money, etc (consideration).
Mind you I'm not a lawyer or any sort of professional legal person and am going on my limited knowledge of US law, maybe Canada is different or there is something I'm not aware of.

actually, they somehow seem not to like when people call them. i usually look up some number, cal it. i start with "hi, do you receive spam ?" - "um... yes" (who doesn't ?) - "do you like it ?" - "...no" (some get suspicious here, some don't) - "then why do you send spam ?"

and here i take some time to rant about spam. sometimes they are very like "sorry" and such, then i just rant for a while. sometimes they are aggressive and go like "what's your problem, just delete it" - then i become slightly more rude,

Greylisting [wikipedia.org] is your friend. Your mail server gives them a service temporarily unavailable error. If their mail server follows the SMTP standard, it comes back a few hours later from the same IP address and gets let through. Most spammers are interested in volume, and don't waste resources following up like that. And if they do, and it happens to be a new IP address, then they get delayed again for having a new IP address.

It doesn't take long for Greylisting filters to learn legitimate hosts, especially if

Get together a list of people who are willing to take action. Get board member and managment phone numbers.

Start calling them, 24/7. No person call more than once a day. Coordinate times, so that they receive calls every ten minutes, 24 hours a day. It is important that no one person call more than once per day. If you have 140 people, you can call every ten minutes for an entire day with no duplicates. If the phone answers, provide a polite, succinct message such as, "Please stop sending me email".

I can speak on this company from a first hand account. I work for an ESP, I actually manage all our mail servers and work closely with ISPs and mail vendors to help out GOOD CLIENTS. I say this because Compu-Finder (although they have an official name that is different) was a client of ours. They were a BAD-CLIENT. We have many tools that are in place to help our clients ensure that best practices are followed as well as easily available to contacts of the client, e.g opt-outs and suppressing those contacts from future emails. Compu-Finder did everything they could to get around built in mechanisms to keep "contacts" subscribed. Well Finally after battling with them on changing their practices we finally fired them. They are the kind of company that makes me cringe because I know there are real, legitimate, marketers out there that do use email to engage clients and keep them up-to-date but they are the ones that make it bad for any sender.

and I work on the other end, supporting a few million email accounts. I like ESPs like you, because you work diligently to keep your senders on the up and up, but this scumbag will just move on to some other ESP, or worse, start connecting with hosted email providers like us, and spam from there.

There is no way to defend against it EXCEPT to put their phone numbers and domains in black lists from the start. That, and as per a suggestion above, kill it with fire.

You should be familiar with MAAWG then. I am a committee member and one major point that comes up with is Vetting. For the most part, we are attempting to have ESPs have an open network of communication regarding business that are known as bad or corrupt in some form and literally BAN them from sending from a MAAWG member. This of course isn't live or current yet but eventually it could work to promote much better sending via known, good ESPs, not the fly-by-sender ESPs that exist everywhere.

Naturally, you want to use the CAN-SPAM act, and send it to spam@uce.gov.

Oh, wait, you wanted something effective, didn't you?

If you want to fight spam effectively you need to focus on the prime motivation behind spam - money. Spam is sent out because people make money sending it out. Ordinarily spam is sent out by a company other than the spamvertised company, which gives you a few more avenues to explore. There are, however, a few things you can still look into.

Make sure they follow the language laws, if not, report them to the language police. They're apparently quite vicious.

Also, Quebec has very special status in Canada since they basically want to do everything themselves and only give token attention to Ottawa (they have their own sales tax - QST, that the Harper Government (tm) is paying $4B or so for them to change it to an "H" to implement the HST which would do the same thing). Quebec can easily make it very hard for a business that's not obeying its laws to do business inside Quebec, even if they're not in Quebec.

It's why in Canada there's lots of things that are "excluding Quebec" - not just sweepstakes/lottos/etc, but also products that basically are unavailable to be shipped to Quebec. They have the requisite French, but they don't meet some other part of Quebec law and are therefore disallowed.

Quebec has a special legal status in Canada because Canada is still, last I checked, a federation.

That being said, Francophones are welcoming, friendly people. Some people live here without ever uttering a French word and Quebecois go out of their way to accommodate them. Those who want to learn French are actually annoyed by it.

Montreal is a truly multicultural city, and every small culture is free to express itself, in all manners, restaurants, soccer team fans, and they are and do feel appreciated.

At first glance we see this is the personally efficient way to handle the situation. Block their mail and move on. But then we might wonder if we're being a little selfish, not engaging our computer skills to help out others, the many others who are negatively affected by this spam. A little altruism is generally recognized as a noble thing...

This could lead us to thinking about the systems that have been developed for reporting spam, how individuals have been empowered to spend little effort in reporting, and how, when summed, that individually trivial effort, of thousands and thousands of people, collectively makes powerful anti-spam effect.

Then maybe we complete the circle, realizing that we are the beneficiaries of these powerful anti-spam systems, that our time is greatly saved by these systems, and that we are not just being altruistic in our contributions, we are helping ourselves.

The personally efficient way to handle many things is this way, being helpful to the larger community that you are by nature a member of, and personally capitalizing on the beneficial effects of the economies of scale and other mass dynamics/synergistic effects.

This is where selfishness meets altruism. So, why not help others, when you are really helping yourself?

Just block their domain and get on with your life. If you value your time at, say, $20/hr, how much are you willing to spend in order to get nothing in return?

The satisfaction of seing a spammer ruined would be worth several hours of my time for me. Sure it is pure and evil revenge. However, doing to them the only thing that makes them stop is... well, the only road you can take to eventually make them stop.

Blocking their domain seems like the low-cost solution. Until you realize that you need to block not only their domain, but hundreds of others as well. Increasing the risk of spamming by making them pay, on the other hand, has effects beyond the one you sued o

I heard on IRC that they use pirated software to spam, although I have no first hand knowledge or documentation. Are there not paramilitary heavily armed SWAT team like organizations that break down doors, like we have in the land-of-the-unfree to your south?

Also CP is sold by spammers, and they are spammers, so they probably traffic in CP, correct? The legal system loves to bust CP distributors.

I've had the issues as the original poster. So, about 6 years ago, when I was about to change email addresses anyway, I signed up for an account at Spamgourmet.com [spamgourmet.com]. I hoped that I would never need to worry about unsubscribing again.

It works perfectly. I place unique characters in every address that I give out online. The first 'n' messages to a particular address get forwarded to my main address. After that, they get eaten by spamgourmet. I have to manually increase the limit or designate an exclusive

Another Thumbs up for SPAMGOURMET, every vendor gets their own, count limited, email address. (alternatively, an unlimited exclusive sender so discship@netflix always comes through and I don't have to keep resetting the count) This lets me know when and to whom they sell the address. Good Stuff. You can even download the code and set up your own relay if you are a corporation and want to provide a similar server for your users under your own control.

Thats a pretty cool idea, but from looking over their site, It seems a little flawed. This only works so long as everybody else is ignorant to the existence of spamgourmet. If somebody was to realize what was up, they could take your frombigcorp.3.spacecowboy@spamgourmet and instead just send it to frombigcorp.20.spacecowboy@spamgourmet, you don't really have much control over that part. It only works if the person treats the email as a normal verbatim email. I can pretty easily write a script that takes an

There is a simple and SUPER fun way to combat this. Get the google toolbar with auto fill for forms, and sign up for every free thing on the market you can with their address. This was done to a spammer a couple years back in the US and I guess once your postal mail volume reaches a certain ammount they stop delivering it, and bill you if you dont pick it up.
If 10000 people sign them up for 1000 deliveries of junk real mail, they might get the picture. Maybe....

I got a call from a telemarketer on my cell phone at 3AM one day. I called the number back and found that it was a standard voice/prompt setup. I randomly dialed buttons until I got to a dial by extension choice. I then dialed every extension I could think of, leaving voicemails on every line, stating that the next time I get called on my cell phone at 3AM I would sue the company out of existence. Where I live the law is on my side on this, it is illegal to call before 9AM or after 7PM here. It must have gotten through to one of the people I left a voicemail for, because they never called again. Harass them more than they harassed you by wasting their time, and they'll find a way to stay out of contact with you.

And never, ever, ever click unsubscribe from anyone but the most reputable companies. It lets the spammers know that someone at that address actually reads those emails, and they don't mind sharing it with their sister companies.

There are some people or companies that will clean up their act when they have been sued. Sometimes it takes more.

Within a week after I had been contacted by one drug spammer that I sued, my spam load went down by 50%.

Another Spammer I sued, put in place a strong anti-spam policy and apparently quite effective.

When I went after Avtech Direct (Arlene Sediqzad and Gary Hunziker ) for spamming, I also helped arrange 21 lawsuits against them. After this was over, Sediqzad told me she wish she never heard of e-mail, and had not heard of it until Gary Hunziker got her into using it.
Another spammer, Robert Smoley [sun-sentinel.com], stopped, only because he was charged, pled guilty, and sentenced to 40 months. They also seized over $40M of money and property from him. I think that is one of my most productive 45 minute phone calls with an IRS agent ever.

But this company you talk to is like Smoley, or Ralsky who needs to be sued multiple times or imprisoned for a while before they stop spamming.

Or, even better, if you can get their fax number how about full-color Goatse in the mail or by fax? By email too, but Goatse coming out of a fax machine seems like it would be a nice gift to send them.

I read about someone who responded to them with a carefully written contract, saying that they have the email address for business purposes, and by emailing him at that address, they were entering into a business relationship with him. In doing so, they were liable for his billing purposes, and that every email would be billed at his normal billing, in hour increments.

And that continuing to email him was considered an agreement of terms. And ask them to kindly provide their billing address.... and legal ser

One should go one step further. The problem with your proposal is that a free speech argument would be made. You are not offering a service to the individual, and there is no way that receiving any kind of mail is going to be counted as a service by any court. You need to supply a service to the spammer.

Ad to your letter that one of the services that your business provides is "marketing consulting", and that the address they are sending the spam to is the evaluation request address. Thus, by submitti

I thought Canada had an opt-in rule. I used to work for a major bank and we weren't allowed to send email to Canadians until they opted in. In the US you can send spam until they opt-out. I have no idea whether or not the rules are enforced or violators get fined up there, but that's the law as it was explained to me by the legal department at the bank when the opt-in law in Canada was passed.

I do not recommend posting their mailbox address on Slashdot.
And if someone were to do so, I do not recommend subscribing their office to all sorts of catalogs and junk mail subscriptions.
That would be irresponsible!

precision orbital strike come to mind...
but in all seriousness, as i work at a hosting company, just give theirs a call and detail the problem.

heres a little snip from the mx for the domain...
220-crescent.web-dns1.com ESMTP Exim 4.69 #1 Tue, 08 Nov 2011 13:15:43 -0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.

Send them an email, carboned to every email address for everybody in the company you can find. That email says something along the lines of:

I am getting a large amount of spam emails from your company. I have tried normal channels to get them to stop, but they have actually gotten worse. I am appealing to you to put a halt to these emails. I will forward you examples of the emails I have received.

Then set up an auto-forward rule that forwards every single spam to that same list, with the text:

Here is an example of the spam I am receiving from your company. As I acquire more examples, I will forward them on as well.

This relies on them even caring, the return address being even vaguely valid and them actually bothering to do more than just redirect incoming mail to/dev/null, let alone bothering to have someone on the payroll who will read emails from people they've spammed.

Although that does sound like an effective way to fight spammers you'll have to do it anonymously since they could charge you with spamming.

That does actually sounds like it would be very effective. Just be sure not to trip any anti-spam filters with your randomized text, perhaps instead of random you'll want to do some combination of words that they would not want to filter such as "Where do you want me to send my credit card information?" or "I will gladly help you smuggle your money out of your country.

Ah yes, the AtPtEaAotCEbRCAtDRoEMoCOCAatAtCRTaTCAtCAtPIPaEDAatTA Act. Rolls right off the tongue.

Or is "Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act" actually the acronym [youtube.com]

Wrong focus. While at first pass it may seem that blocking email based on country affiliation makes sense because of the ratio of spam/ham you get from them, you need to look at the meaning of the criterion you're using. Yes, there will be some correlation between governance and spam, but that correlation is loose, and the collateral damage is (theoretically) oppression by geography. These people already have screwed up governments, why make it harder for them to be global citizens?